No, PyPI is an open repository; anyone can upload code. If we're informed of a malicious package, we'll remove it, but we can't make any claims to the security of individual packages.

Alex

On Thu, Feb 7, 2019 at 9:55 PM Prateek Mohta <Prateek.Mohta@equifax.com> wrote:
Hey,

I wanted to check whether the packages available on PyPI.org are scanned for any security vulnerabilities or not; can you please confirm.

My concern is how you control it if someone uploads malicious code on GitHub.


Prateek Mohta
Data Scientist, Data and Analytics
Equifax Inc.

O 770-740-5756
C 404-797-3893


-----------------------------
Python Security Response Team


--
All that is necessary for evil to succeed is for good people to do nothing.